Saturday, April 21, 2012

In his first
television interview since he resigned from the National Security
Agency over its domestic surveillance program, William Binney
discusses the NSA’s massive power to spy on Americans and why the
FBI raided his home after he became a whistleblower. Binney was a
key source for investigative journalist James Bamford’s recent
exposé in Wired Magazine about how the NSA is quietly building the
largest spy center in the country in Bluffdale, Utah. The Utah spy
center will contain near-bottomless databases to store all forms of
communication collected by the agency, including private emails, cell
phone calls, Google searches and other personal data.

Watch this segment on Democracy
Now! There are also other segments of this series that you will
want to watch, but Binney’s revelations are chilling.

Singapore has
begun installing police surveillance cameras that will eventually
cover all 10,000 public-housing blocks across the island, officials
confirmed Friday.

The move
immediately drew mixed reactions in a city-state already famous for
being one of the world’s safest societies but now undergoing
political transition as citizens demand greater freedom from
government control.

"The UK government's proposal
to separate communications data from content, as part of new plans to
allow intelligence services to monitor all internet activity, is
infeasible according to a panel of technology experts. Speaking at
the 'Scrambling for Safety' conference in London, Ross Anderson,
professor of security engineering at the University of Cambridge
Computer Laboratory, said that the distinction between traffic data
as being harmless and content as being sensitive is becoming
less and less relevant. 'Now that people
are living more and more of their lives online, the pattern of who
you communicate with and in what order gives away pretty well
everything,' he said. 'This means that, in data
protection terms, traffic data is now very often going to be
specially sensitive data.'"

… The problem is related to malware
called DNSChanger
that was first discovered way back in 2007 and that has infected
millions of computers worldwide.

As a U.S. attorney said in an FBI press
release, the crooks "were international cyberbandits who
hijacked millions of computers at will and rerouted them to Internet
Web sites and advertisements of their own choosing -- collecting
millions in undeserved commissions for all the hijacked computer
clicks and Internet ads they fraudulently engineered."

Late last year, however, the FBI
disrupted the ring and seized the rogue servers. And since so many
infected computers relied on the servers to reach the Internet, the
agency opted not to shut them down and instead converted them to
legitimate DNS machines.

Running the machines costs the
government money, though, so they're being switched off in July. If
your computer is infected with DNSChanger then, the Web -- for you --
will no longer exist.
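The practical question the article leaves open is how an ordinary machine finds out whether it is one of the hosts still pointed at the seized servers. DNSChanger worked by rewriting the victim's resolver settings, so the check is simply: which nameservers is this host configured to use, and do any of them fall inside the ranges the rogue servers occupied? The script below is an added example, not code from the article or from the FBI; the CIDR ranges in it are placeholders constructed for the example (RFC 5737 test networks), to be replaced with an authoritative list, and the resolv.conf sample is likewise constructed.

```python
"""Flag configured DNS resolvers that fall inside known-rogue CIDR ranges.

Added example. The ranges below are PLACEHOLDERS (RFC 5737 test networks)
constructed for this example, not the real DNSChanger indicators.
"""
import ipaddress
import os
from typing import Dict, Iterable, List

# PLACEHOLDER blocklist: substitute an authoritative list of rogue-resolver ranges.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),     # TEST-NET-1, stands in for a rogue range
    ipaddress.ip_network("198.51.100.0/24"),  # TEST-NET-2, stands in for a rogue range
]


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf-style text.

    Comments (# or ;) are stripped, other directives (search, options) ignored.
    """
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def classify_resolvers(servers: Iterable[str],
                       ranges=ROGUE_RESOLVER_RANGES) -> Dict[str, str]:
    """Map each resolver to 'rogue' (inside a listed range), 'ok', or 'invalid'."""
    verdicts = {}
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            verdicts[server] = "invalid"   # malformed entry, worth a look on its own
            continue
        # Mixed IPv4/IPv6 comparisons simply evaluate to False.
        verdicts[server] = "rogue" if any(addr in net for net in ranges) else "ok"
    return verdicts


def flagged_resolvers(text: str) -> List[str]:
    """Resolvers in the given resolv.conf text that hit the blocklist, sorted."""
    return sorted(s for s, v in classify_resolvers(parse_resolv_conf(text)).items()
                  if v == "rogue")


# Constructed sample, not captured from a real host.
SAMPLE_RESOLV_CONF = """\
# resolver configuration (constructed sample)
search corp.example
nameserver 192.0.2.53
nameserver 10.0.0.53   ; site resolver, trailing comment
nameserver not-an-ip
"""

if __name__ == "__main__":
    path = "/etc/resolv.conf"
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_RESOLV_CONF
    for server, verdict in classify_resolvers(parse_resolv_conf(text)).items():
        print(f"{server:<40} {verdict}")
```

On a Windows host the same comparison applies to the DNS server list in the interface settings; the parsing changes, the classification does not.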

Although
we've been seeing this for years, I still doubt that IT is ready to
manage it. Probably some interesting legal issues too.

… In a blog posted Thursday,
"Managing
'BYO' PCs in the enterprise (including WOA)", Microsoft's
Jeffrey Sutherland, a program manager lead in the company's
Management Systems group, addresses the "drive towards
consumerization of IT" and how consumer technology is "bleeding
into business organizations." In short,
employees are bringing their personal laptops, tablets,
and smartphones to work rather than using the devices assigned to
them by the organization they work for.

WOA refers to Windows-[8]-on-ARM, or
what is now called Windows RT. Devices running Windows RT will
include tablets, hybrid tablet-laptops, as well as small laptops --
all running on power-efficient ARM chips from Qualcomm, Nvidia, or
Texas Instruments.

Forget Harvard (even Yale does) –
this is what we're competing with. Many Academics are dismissing
this trend, but with some classes enrolling over 100,000 students
it's clear there is a market here... (Strange collection of examples
they picked...)

Friday, April 20, 2012

The
Privacy Foundation
(http://privacyfoundation.org/)
has the flier for their May 11th Seminar up on their
website. Where else can you gain so much wisdom for a mere $20? And
they toss in lunch for FREE!

A federal judge in Iowa has ruled that
evidence gathered through the warrantless use of covert GPS vehicle
trackers can be used to prosecute a suspected drug trafficker,
despite a Supreme Court decision this year that found such tracking
unconstitutional without a warrant.

U.S. District Judge Mark Bennett in
Sioux City ruled
last week (.pdf) that the GPS tracking evidence gathered by
federal DEA agents last year against suspected drug trafficker Angel
Amaya, prior to the Supreme Court ruling, can be submitted in court
because the agents were acting in good faith at the time. The
agents, the judge said, were relying on what was then a binding 8th
U.S. Circuit Court of Appeals precedent that authorized the use of
warrantless GPS trackers for surveillance in Iowa and six other
states.

(Related) Wonderful! Now my Ethical
Hackers will be able to “PROVE!” they were only going 15 mph when
they passed that cop.

"A bill already passed by the
Senate and set to be rubber stamped by the House would make it
mandatory
for all new cars in the United States to be fitted with black box
data recorders from 2015 onwards. Section 31406 of Senate Bill 1813
(known as MAP-21), calls for 'Mandatory Event Data Recorders' to be
installed in all new automobiles and legislates for civil penalties
to be imposed against individuals for failing to do so. 'Not later
than 180 days after the date of enactment of this Act, the Secretary
shall revise part 563 of title 49, Code of Federal Regulations, to
require, beginning with model year 2015, that new passenger motor
vehicles sold in the United States be equipped with an event data
recorder that meets the requirements under that part,' states the
bill."

I'm
designing a line of foil lined baseball caps with pictures of my
favorite lawyers on top...

Congressmen Ed Markey and Joe Barton,
co-chairs of the Congressional Bi-Partisan Privacy Caucus, have sent
a letter
to the FAA about drones and privacy concerns. They ask the right
questions about transparency and privacy protections – questions I
wish the FAA had been asked before the law had been passed.
A response is requested by May 10.

This could be very informative, but...
When this study started, did we even know what sexting was?

"A University of Texas-Dallas
developmental psychology professor has used a $3.4 million NIH grant
to purchase Blackberries for 175 Texas teens, capturing
every
text message, email, photo, and IM they've sent over the past 4
years. Half a million new messages pour into the
database every month. The researchers don't 'directly ask' the teens
about privacy issues because they don't want
to remind them they're being monitored. So many
legal and ethical issues here. I can't believe this is IRB-approved.
Teens sending nude photos alone could make that database legally
toxic. And then there's the ethical issue of monitoring those who
have not consented to be part of the study, but are friends with
those who have. When a friend texted one participant about selling
drugs, he responded, 'Hey, be careful, the BlackBerry people are
watching, but don't worry, they won't tell anyone.'"

Samples of DNA
were collected without parental consent from students at a
Sacramento, Calif., middle school in connection with the murder of an
8th grade student who was found stabbed, strangled and
beaten to death near the dugout of a local park.

The Sacramento
Sheriff’s Department, which has been spearheading the investigation
into the murder of Jessica Funk-Haslam, 13, said
parental consent was not required in the DNA collection
and interview of minors, several of whom were taken out of class
during the day last week at Albert Einstein Middle School.

“These
are interviews, not interrogations,” Sheriff’s Deputy
Jason Ramos told ABCNews.com. “They are all
consensual. Once it’s done, there is a mechanism in place for
school administrators to notify parents.”

[...]

There is nothing
under California law that prohibits DNA collection of consenting
minors, said John Myers, a professor at the McGeorge School of Law in
Sacramento.

Say what?? How can minors meaningfully
consent? And what happens to the DNA samples after this
investigation? Will they be destroyed or will some profile be stored
in a state or federal database? And were the students told what
would happen to the samples before they were asked for their consent?

"In a somewhat startling
decision, the U.S. Court of Appeals for the Ninth Circuit has ruled
that several employees at an executive recruitment firm did
not exceed their authorized access to their company's database
when they logged into the system and stole confidential data from it.
The appellate court's decision affirms a previous ruling made by the
U.S. District Court for the Northern District of California. The
government must now decide if it wants to take the case all the way
to the U.S. Supreme Court. The judge wrote that the Computer Fraud
and Abuse Act, under which they were charged, applies primarily to
unauthorized access involving external hackers. The
definition of 'exceeds authorized access' under the CFAA applies
mainly to people who have no authorized access to the computer at
all, the judge wrote. The term would also apply to
insiders who might have legitimate access to a system but not to
specific information or files on the system. Applying the language in
the CFAA any other way would turn it into a 'sweeping
Internet-policing mandate,' he wrote."

… The FBI assessment, which Threat
Level reported
Wednesday, concluded that the Vagos
Motorcycle Club, which the bureau has declared an outlaw
motorcycle gang based in Southern California, has trademarked its
jacket patch — replete with the trademark registration symbol —
to block “law enforcement agencies from inserting undercover
officers” into the club.

“It’s the most ridiculous thing
I’ve ever heard in my life,” Joseph Yanny, the group’s
attorney, said in a telephone interview from Los Angeles. Yanny
quipped that the bureau, in coming to its conclusions, was likely
“interviewing clowns in Vegas.”

It used to be “Sport.” “Everything
that is not trademarked is copyrighted. We own the rights to all
Olympic performances. We own all Olympic venues. In fact, we own
the athletes too. ”

"The European Parliament has
approved the controversial data transfer agreement, the bilateral PNR
(passenger name register), with the US which requires European
airlines to pass
on passenger information, including name, contact details,
payment data, itinerary, email and phone numbers to the Department of
Homeland Security. Under the new agreement, PNR data will be
'depersonalized' after six months and would be moved into a 'dormant
database' after five years. However the information would still be
held for a further 15 years before being fully 'anonymized.'"

An Internet privacy advocacy group
wants the Federal Communications Commission to release the full
report of its investigation of Google's Street View, which collected
and stored data from unencrypted wireless networks.

The Electronic Privacy Information
Center has filed a Freedom
of Information Act request to see the commission's full 25-page
report, saying it "raised questions about the scope of the FCC's
Street View investigation." A heavily redacted version painted
Google as being too busy to respond with alacrity to its request for
information and suggested more than slight frustration.

Getting a virus on your computer is bad
enough, but getting one on your phone is a whole other story. All
your personal information leaks, and sometimes that includes the
login credentials for many of the services you use. But how big of a
problem is mobile malware? Goode Intelligence has
had a go at quantifying the issue, and what they have to say
isn’t pretty: 24% of the organizations they surveyed reported that
they had to deal with infected devices during 2011. Back in 2010
that number was just 9%. How many companies enforce
the use of some sort of anti-virus software on their smartphones?
Less than 1 in 5.

A
network without hardware... Once upon a time, “networks” didn't
exist at all. If you wanted to send information from point A to
point B you needed a direct, dedicated circuit.

As part of its new-age system for
moving traffic between its massive data centers, Google is using a
network controller built in tandem with swashbuckling
Silicon Valley startup Nicira, according to a Google presentation
posted to the web.

On Tuesday, during a speech in Santa
Clara, California, Google’s Urs Hölzle — the man who oversees
the company’s worldwide network of data centers — revealed that
the company is now using
an open source protocol known as OpenFlow to completely overhaul
the links between the computing facilities that drive its sweeping
collection of web services, and a slide presentation that accompanied
the speech was posted to the web.

The presentation
has now been removed, but an extra slide tacked on to the end of
the file indicated that Google is driving its OpenFlow-based network
gear using a controller called Onix. (We’ve
uploaded a copy of the presentation here.) Onix serves as the
basis for the software offered by Nicira, an outfit that recently
emerged from stealth mode touting a new breed of network that exists
only as software. According to a 2010
research paper, Onix was designed by four Nicira engineers, three
Googlers, an NEC employee, and an academic who was among Nicira’s
co-founders. The top four contributors to the paper are Nicira
employees.

"Two
70-year-old papers by Alan Turing on the theory of code breaking
have been released by the government's communications headquarters,
GCHQ. It is believed Turing wrote the papers while at Bletchley Park
working on breaking German Enigma codes. A GCHQ mathematician said
the fact that the contents had been restricted 'shows what a
tremendous importance it has in the foundations of our subject.'"

[From the article:

The two papers are now available to
view at the National Archives at Kew, west London. [No
electronic version? Fire up the jet, Kato. Bob]

Image analysis startup Verifeyed
wants to bring a new sense of legitimacy to the world of digital
images.

“Today, digital images are
everywhere. But, image editing tools like Adobe Photoshop easily
allow the creation of fake images with just a few clicks,” the
startup told VentureBeat. “As a result, digital images have lost
their trustworthiness. This situation only worsens as products such
as Photoshop become more prevalent, sophisticated, and easy to use.”

… it plans to solve the problem using
its patent-pending technology that is able to certify the originality
(or absence of modification) of digital images taken from any
device. Also, it uses math (a lot of it) — a product of the
founders' specialty as PhD researchers in the area of applied
mathematics.

Adam Klasfeld reports on yesterday’s
hearing on nominees to the Privacy and Civil Liberties Oversight
Board, a board that has been inactive for years:

… Three years
into his term, Obama made his first five nominations: James Dempsey,
an executive with the Center for Democracy & Technology;
Elisebeth Collins Cook, a former Department of Justice lawyer; Rachel
Brand, an attorney for the U.S. Chamber of Commerce; Patricia Wald, a
former federal judge for the D.C. Circuit; and David Medine, a
WilmerHale partner tapped to chair the board.

Dempsey, Wald and
Medine are Democrats. Cook and Brand are Republicans.

All of the
candidates seemed reluctant Wednesday to comment on Obama
administration policies that most trouble civil libertarians.

"The case
involves an online game, MapleStory,
and some people who set up an alternate server, UMaple, allowing
users to play the game with the official game client, but without
logging into the official MapleStory servers. In this case, the
people behind UMaple apparently ignored the lawsuit, leading to a
default judgment. Although annoyed with MapleStory
(The Judge knocked down a request for $68,764.23 — in profits made
by UMaple — down to just $398.98), the law states a minimum of $200
per infringement. Multiply that by 17,938 users of UMaple... and you
get $3.6 million. In fact, it sounds like the court would very much
like to decrease the amount, but notes that 'nevertheless, the court
is powerless to deviate from the DMCA's statutory minimum.' Eric
Goldman also has
some further op-ed and information regarding the case and
judgement."

"Despite President Obama's
recent call for companies to 'insource' jobs sent overseas, it turns
out that the federal government itself is spending
millions of dollars to train foreign students for employment in
some booming career fields--including working in offshore call
centers that serve U.S. businesses. The program is called JEEP,
which stands for Job Enabling English Proficiency. It's available to
college students in the Philippines through USAID. That's the same
agency that until a couple of years ago was spending millions of
dollars in U.S. taxpayer money to train offshore IT workers in Sri
Lanka. Congressman Tim Bishop (D-New York), told about the program
on Tuesday, called it 'surprising and
distressing.' Bishop recently introduced a bill that would make
companies that outsource call centers ineligible for government
contracts." [Let's hope he meant
“offshoring” rather than “outsourcing” or he's in for another
surprise. Bob]

Sobotong is a free-to-use search engine
that lets you search for items in two different languages. You use
the site like any other search engine; the only difference is that
you specify two languages to go along with your query. A wide list of
languages is supported by the site. Your search results are displayed
in the first language you select, with the translated query on top.

James Gubbins commented on Monday's
list with the suggestion of adding Hurley
Calculus to the list. Hurley Calculus, as the name
implies, provides lessons on calculus. There are currently 73 videos
in the Hurley Calculus channel.

Math
Doctor Bob's YouTube
channel was suggested by a reader using the Disqus ID
Npisenti. Math Doctor Bob offers nearly 700 video lessons on
statistics, algebra I and II, calculus, geometry, and much more. The
lessons feature Doctor Bob giving the lesson in front of a whiteboard
so you see him and don't just hear his lessons.

Patrick
JMT was suggested by Robert Borgersen who wrote,
"Patrick JMT is HUGE, and equally good, if not better in some
places, than Khan." Patrick JMT doesn't cover as many topics as
Khan or Math Doctor Bob, but the videos are equally solid. I've
included one of the Whole Numbers and Place Values lesson videos
below.

Wednesday, April 18, 2012

The war on drugs
has gone digital; but is it also a war on cellphone users?

That’s just one
of the questions raised by an msnbc.com investigation into use of
cellphone tracking data by local police departments across the
nation. Msnbc.com built a database of thousands of invoices issued
by cell phone network providers to cities after cops asked for caller
location and other personal information between 2009 and 2011. The
invoices were first obtained by the American Civil Liberties Union
and released to the public earlier this month.

The database
offers perhaps the first blow-by-blow accounting of several cities’
use of cellphone tracking as a crime-fighting tool and the potential
blow to civil liberties that the requests represent.

Read more on Red
Tape. It really gives a sense of what might be going on around
the country as well as how carriers bill – or don’t bill – for
services and how most requests do not involve
warrants.

Pasco County
students who use cellphones or other electronic devices to snap
photos of classmates, teachers or anyone else at school would need to
ask permission under planned revisions to the student code of
conduct.

They would also
need to ask the person’s permission before posting those photos on
social network sites or other Internet sites.

The man credited with inventing the
World Wide Web has come out against the British government's
contentious plans to monitor all Internet communication.

In an extensive interview with U.K.
newspaper the Guardian,
Tim Berners-Lee said the type of surveillance that the government was
proposing was tantamount to the "destruction of human rights"
and "the most important thing to do is to stop the bill as it is
at the moment."

I am amazed that a
motorcycle gang would stoop so low as to admit an IP Lawyer... (My
God! You don't think they're all IP Lawyers, do you?)

We’ve always considered trademarking
as a way to protect a company’s intellectual property and to aid
consumers in identifying trusted products and services.

But on Tuesday, we stumbled on a novel
use of intellectual-property law put into play by an alleged
organized crime syndicate founded in Southern California.

The Vagos
Motorcycle Club, which the Federal Bureau of Investigation has
declared an outlaw motorcycle gang, has trademarked
its jacket patch, replete with the trademark registration symbol,
“in an effort to prevent law enforcement agencies from inserting
undercover officers into their organization,” according to an FBI
memo that surfaced on Tuesday.

The 2011 “law enforcement sensitive”
memo
(.pdf), unearthed by the Public
Intelligence blog, warns infiltrating law enforcement officers
that they “may be placing themselves in danger” if they don’t
have the registration symbol at the bottom of the 600-member club’s
patch, which is an insignia of Loki, the god of
mischief. [The patron saint of lawyers? Bob]

Amazon’s cloud computing
infrastructure is growing so fast that it’s silently becoming a
core piece of the internet.

That’s according to an analysis done
by DeepField Networks, a
start-up that number-crunched several weeks’ worth of anonymous
network traffic provided by internet service providers, mainly in
North America.

They found that one-third
of the several million users in the study visited a website that uses
Amazon’s infrastructure each day.

… It’s popular with companies
that see big spikes and drops in computing demand. Netflix
uses it to handle the back-end of its streaming service, which is
in hot demand on Sunday nights and then gets quiet a few hours later.
And a supercomputing company called Cycle Computing even managed to
build
one of the world’s 50 most powerful supercomputers on the
Amazon cloud.

… The company operates several data
centers — it calls them “availability zones” — in Virginia,
the West Coast, Singapore, Tokyo and Europe and, clearly, they have
been growing fast in the past few years.

According to data
compiled by Adrian Cockcroft, director of cloud architecture at
Netflix, Amazon has increased the number of IP addresses assigned to
servers in those data centers more than fivefold in the past two
years — from just over a quarter-million IP addresses in February
2010 to more than 1.7 million last month.

That could show that Amazon’s
business is growing even faster than most people realize (Gartner
pegs its growth rate at about 30 percent year over year) or it could
mean that Amazon is simply loading up on IP addresses in anticipation
of future growth.

If you are an Internet user, it is more
than likely that you store some of your content in the cloud be it
Facebook, Google Docs, Dropbox or others. ZeroPC allows you to
connect all your cloud storage in one single space and navigate
through it seamlessly. The services supported are Box.net, Dropbox,
Facebook, Twitter, Evernote, Flickr, Google Docs, Instagram, Picasa,
Sky Drive and Sugar Sync.

… And now, two other Stanford
professors, on leave but still affiliated with the university, are
officially unveiling their startup, Coursera.

… I covered
Coursera earlier this year. But today the startup is pulling
back the curtain on its plans, announcing that it’s raised $16
million in funding from Kleiner Perkins Caufield & Byers and New
Enterprise Associates. It has also secured partnerships with four
universities – Princeton, Stanford, the University of Michigan, and
the University of Pennsylvania – which will offer open online
courses through the Coursera platform.

Over
1 million students have already signed up for the
initial courses that Coursera’s had posted on its website.

This week, EFF—along with a host of
other civil liberties groups—are protesting the dangerous new
cybersecurity bill known as CISPA that will be voted on in the House
on April 23. Here is everything you need to know about the bill and
why we are protesting:

The Federal Communications Commission
is clearing Google of wrongdoing in connection to it secretly
intercepting Americans’ data on unencrypted Wi-Fi routers.

The commission concluded Friday, in an
order unveiled Monday, that no wiretapping laws were violated when
the search giant’s Street View mapping cars eavesdropped on open
Wi-Fi networks across America.

… Last year, a federal judge ruled
that the search-and-advertising giant could be held liable for
violating federal wiretapping law, giving the greenlight to lawsuits
seeking damages over Google’s objections.

But the commission, which fined Google
$25,000 for stonewalling the investigation, found that legal
precedent — and an unnamed Google engineer’s refusal to speak to
FCC investigators — meant Google was off the hook for wiretapping.

“Based on careful review of the
existing record and applicable law, the bureau will not take
enforcement action,” the FCC’s enforcement bureau wrote
(.pdf) in a heavily redacted 25-page order. The agency commenced an
investigation after the Electronic Privacy Information Center
demanded that the government review Google’s behavior.

How can you show tremendous
improvements in education if you don't start with low-scoring
students?

"Robert Krampf, who runs the
web site 'The Happy Scientist,' recently wrote in his blog about
problems with Florida's Science FCAT. The Florida Comprehensive
Assessment Test is an attempt to measure how
smart the students are. [So,
how well they are educated has nothing to do with it? Bob]
Where other states have teachers
cheating to help students, Florida decided to grade correct
answers as wrong. Mr. Krampf examined the state's science answers
and found several that clearly listed right answers as wrong. One
question had 3 out of 4 answers that were scientifically true. He
wrote to the Florida Department of Education's Test Development
center. They admitted he
was right about the answers, but said they don't expect 5th graders
to realize they were right. For this reason they marked them
wrong. As such, they were not changing the tests. Note: they
wouldn't let him examine real tests, just the practice tests given
out. So we have no idea if FCAT is simply too lazy to provide good
practice questions, or too stupid to be allowed to test our
children."

Canada has a “tax” on
blank CDs and DVDs that pays the music industry for “piracy” –
couldn't you argue that this is music they already paid for?

"A number of Canadian media
companies have joined forces to try to shut down a free music website
recently launched by the Canadian Broadcasting Corp., claiming it
threatens
to ruin the music business for all of them. The group, which
includes Quebecor Inc., Stingray Digital, Cogeco Cable Inc., the Jim
Pattison Group and Golden West Radio, believes
that CBCmusic.ca will siphon away
listeners from their own services, including
private radio stations and competing websites that sell streaming
music for a fee. The coalition is expected to expand soon to include
Rogers Communications Inc. and Corus Entertainment Inc., two of the
largest owners of radio stations in Canada. It intends to file a
formal complaint with the CRTC, arguing that the broadcaster has no
right under its mandate to compete with the private broadcasters in
the online music space. ... 'The only music
that you can hear for free is when the birds sing,'
said Stingray CEO Eric Boyko, whose company runs the Galaxie music
app that charges users $4.99 a month for unlimited listening. 'There
is a cost to everything, yet CBC does not seem to think that is
true.' ... The companies argue they must charge customers to offset
royalty costs which are triggered every time a song is played, while
the CBC gets around the pay-per-click problem
because it is considered a non-profit corporation.
... Media executives aren't the only ones who have expressed concern.
When the CBC service was launched in February, the Society of
Composers, Authors and Music Publishers said that when it set a flat
fee for the more than 100,000 music publishers it represents, it
never
envisioned
a constant stream of free music flooding the Internet."

Think about this one.
Does it foreshadow the death of the telephone industry? (Can they
compete with unlimited free video chat?)

Google Trends is the simplest and most
obvious solution to see what’s trending now.

Clicking on or searching for a trend
will allow you to see an analytical profile for those keywords. It
will scale the “hotness,” give you related searches, show a graph
of the search activity, and give you some relevant search and blog
results for the term.

Ten
Marks is another online tutoring service that offers mathematics
tutorial videos on their site as well as on their YouTube
channel. Some of the lessons in their playlists include lessons
on units of measurement, decimals, fractions, probability, area and
perimeter, and factoring.

Math
Class With Mr. V features seven playlists made by a mathematics
teacher teaching lessons on basic mathematics, geometry, and algebra.
In all there are more than 300 video lessons. Like most mathematics
tutorials on YouTube, Math Class With Mr. V uses a whiteboard to
demonstrate how to solve problems.

The Open University is one of my go-to
YouTube channels for all things academic. A quick search on The Open
University reveals seven
playlists that include lessons in mathematics. The lessons that
you will find in these playlists are more theoretical than they are
"how to" lessons.

Yay
Math! features an excited teacher teaching mathematics lessons to
his students. The videos capture just the teacher and his whiteboard
with some feedback from students. The videos cover topics in Algebra
and Geometry. You can check out the Yay
Math! companion website to learn more about Robert Ahdoot, the
teacher featured in the videos.

Global Warming! Global Warming! Is
really Global Climate Change. To say we don't yet have the full
picture is a gross understatement.

Monday, April 16, 2012

My Ethical Hacker students thank you
for pointing out a major bank vulnerability! (Postcards from Brazil
to follow...) Let's not encourage improved security here, at least
until we offer to return all their bank accounts in exchange for an
end to weapons development...

A computer
specialist, who used to work for a PSP (payment service provider)
company which offers a number of Iranian banks services for accepting
electronic payments, has hacked accounts of three million bank
customers to show the vulnerability of the banks to computer security
threats, the Persian service of the Fars News Agency reported on
Sunday.

According to the
report, the hacker had provided the managing directors of the
targeted banks with information about the bank accounts of 1000
customers in the previous Iranian calendar year (ended on March 19)
to warn them about the susceptibility of their computer systems and
networks to cyber threats.

The Central Bank
of Iran issued a statement on Saturday advising the bank customers to
change the passwords of their bank cards to prevent possible credit
card fraud.

An official at the
Central Bank of Iran also told the Persian service of IRNA on Sunday
that no one has illegally accessed people’s bank accounts.

“It is possible
that certain individuals have some information… but they cannot use
this information until the bank cards are not in their possession,”
Nasser Hakimi said.

The deputy chief
of Iran’s cyber police, Mohsen Mirbahresi, also said on Sunday that
there is no cause for concern because the hacker has not acquired
important financial information, such as bank account numbers.

No statement about improving security?
Changing passwords isn’t going to do it if the security problems
aren’t addressed.

Radio
Free Europe and Kabir
News identify the hacker as Khosrow Zare Farid, a former manager
at Eniak, the operator of Shetab payment network in Iran. According
to Kabir News, Farid had previously warned the banks of the
problem but got no response and decided to publish the data of 3
million accounts from ten Iranian banks.

I suspect he’s got
their attention now. [Run! Bob]

The Iran
Independent News Service reports that ATMs in the country are
no longer dispensing cash and that the only function working is the
mode for changing the passwords.

I have a friend whose life goal is to
“invent a new sin!” This, he assures me, is a way to guaranteed
riches... Cybercrime isn't “a new sin.”

"In less than 15 years,
cybercrime has moved from obscurity to the spotlight of consumer,
corporate and national security concerns. Popular accounts suggest
that cybercrime is large, rapidly growing, profitable and highly
evolved; annual loss estimates range from billions to nearly $1
trillion. While other industries stagger under the weight of
recession, in cybercrime, business is apparently booming. Yet in
terms of economics, there’s something very wrong with this
picture. Generally the demand for easy money outstrips supply. Is
cybercrime an exception? If getting rich were as simple as
downloading and running software, wouldn’t more people do it, and
thus drive down returns? We have examined cybercrime from an
economics standpoint and found a story at odds with the conventional
wisdom. A few criminals do well, but cybercrime is
a relentless, low-profit struggle for the majority.
Spamming, stealing passwords or pillaging bank accounts might appear
a perfect business. Cybercriminals can be thousands of miles from
the scene of the crime, they can download everything they need
online, and there’s little training or capital outlay required.
Almost anyone can do it. Well, not really. Structurally, the
economics of cybercrimes like spam and password-stealing are the
same as those of fishing. Economics long ago
established that common-access resources make for bad business
opportunities. No matter how large the original opportunity, new
entrants continue to arrive, driving the average return ever
downward. Just as unregulated fish stocks are driven to
exhaustion, there is never enough “easy money” to go around.
How do we reconcile this view with stories that cybercrime rivals
the global drug trade in size? One recent estimate placed annual
direct consumer losses at $114 billion worldwide. It
turns out, however, that such widely circulated cybercrime estimates
are generated using absurdly bad statistical methods, making them
wholly unreliable."

This is news? You probably teach torts
in the torts class. By the time you reach Privacy Law, you should
recognize a tort when you trip over one. You don't teach Class
Actions in that class either.

Privacy torts
aren’t about the data. They usually are individualized revelations
in a one-of-a-kind setting. Importantly, the reasonableness test in
tort is a lousy match for whether an IT system is well designed.
Torts have not done well at building privacy into IT systems, nor
have they been of much use in other IT system issues, such as
deciding whether an IT system is unreasonably insecure or suing
software manufacturers under products liability law. IT
systems are complex and evolve rapidly, and are a terrible match with
the common sense of a jury trying to decide if the defendant did some
particular thing wrong. [That assumes juries would not understand
“here is how we protected customer privacy.” Bob]

That certainly helps answer questions
I’ve raised repeatedly on this blog, as to which privacy
tort might apply in a particular situation that I find disturbing or
egregious. It also helps explain why I find myself turning to the
FTC more to go after businesses under their authority to address
unfair business practices that can harm consumers.

Via LLRX.com
- SOPA’s Evil Twin
Sister – CISPA: Well-known graphic artists Jake O'Neil and
Spencer Belkofer created this infographic out of a sense of urgency
to visualize the salient information with as many communities as
possible. This bill, the Cyber Intelligence Sharing and Protection
Act of 2011, has not garnered the media coverage of the Stop Online
Piracy Act (SOPA), but its high impact implications target key legal
issues involving privacy and intellectual property.

This is not about reading individual
emails. The software described looks at the overall semantic shifts.
Are employees whose emails once contained invites to local fast food
joints now talking about going to the Union meeting? This is like
Google scanning your emails to deliver targeted ads, only here
employers are looking to see if they are the target.

"In an effort to protect
sensitive data from internal security threats, some organizations are
'using new technology to look at the language of their IT staff's
emails to determine
whether their behavior or mind-set has changed,' the Wall Street
Journal reports. Is secretly spying on and linguistically
interpreting employee emails going too far in the name of security?
From the article: 'I understand the need to be aware of the attitudes
of workers with high-level access to data and networks, but this
strikes me as creepy. What if an IT employee suddenly has
relationship problems or family issues? Will they then be flagged by
HR as potentially troublesome or even a data security risk? [and
will HR be correct? Bob] And all without them
even knowing there's a dossier being created of them and their
"suspect" behavior?'"

So I'm not actually trying to teach my
mom to use Twitter, but it makes for a nice title to this post. Mom,
This Is How Twitter Works is an excellent explanation with
visuals and text of how Twitter works. The post, written by Jessica
Hische, explains everything you need to know about
Twitter. Want to know what a reTweet is? That's covered.
Do you want to know which things on your timeline can or can't be
seen by others? That's explained. And just how does Twitter compare
to Facebook? Jessica has that covered too.

"The primary aim of DOAB
is to increase discoverability of Open Access books. Academic
publishers are invited to provide metadata of their Open Access books
to DOAB.
Metadata will be harvestable in order to maximize dissemination,
visibility and impact. Aggregators can integrate the records in
their commercial services and libraries can integrate the directory
into their online catalogues, helping scholars and students to
discover the books. The directory will be open to all publishers who
publish academic, peer reviewed books in Open Access and should
contain as many books as possible, provided that these publications
are in Open Access and meet academic standards."

Geeky: So simple, no one
thought to try this before? (Axiom: The best is rarely the most
heavily advertised.)

Denis Hennessy recently encountered a
problem we’ve all faced: he needed some AAs for a battery-eating
gizmo, and he was overwhelmed by the choices available. Ignoring the
shiny packaging and its marketing jargon, the core question was:
which brand offered the best bang-for-the-buck?

Hennessy knew that the cheapest price
did not necessarily mean the best value, so he did the only logical
thing: pull on his Mad Science labcoat, buy samples of all the
batteries, build an Arduino-controlled testing rig, and start
generating data.

… Over on his
blog, Hennessy has published the results of his tests of 10
different brands of battery. Most of the batteries perform about the
same from 1.5V down to about 1.2V, but below that, the results
diverge wildly, with about a 9x difference between the best and the
worst.

[From
the blog:

There’s a difference of
over 9X between the best value (RS Power Ultra) and the worst value
(Panasonic Evolta).]

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.